[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [inbox] Re: [Full-Disclosure] Windows covert channel

To: "'jazper'" <jazper@cox.net>, <full-disclosure@lists.netsys.com>
Subject: RE: [inbox] Re: [Full-Disclosure] Windows covert channel
From: "Curt Purdy" <purdy@tecman.com>
Date: Mon, 20 Oct 2003 09:48:52 -0500

> You are probably thinking of ADS(Alternate Data Streams).
>
> jazper
>
>
> > I seem to remember in the dim reaches of my memory a covert
> channel in
> > the Windows file system where you could paste one file at
> the end of
> > another without it being detectible when you edited the
> orginal file.


It may be that he is referring to an exe packer as used to attach a trojan
to a legitimate exe aka whackamole.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Windows covert channel
  - From: "jazper" <jazper@cox.net>

Prev by Date: Re: [Full-Disclosure] JAP Wins Court Victory
Next by Date: [Full-Disclosure] Re: Linux Ported Version of MS03-043 DOS
Previous by thread: Re: [Full-Disclosure] Windows covert channel
Next by thread: Re: [Full-Disclosure] Windows covert channel
Index(es):
- Date
- Thread